
Building a new permissions model

jsonH edited this page Nov 17, 2016 · 18 revisions

New Permissions for Ilios

Ilios is long overdue for a new permissions system and the time has arrived. We're seeking input and ideas for our new access control system.

Overview

When this work is complete, permissions in Ilios will be granted based on the user's relationships. For example, if an instructor is teaching an offering, they will be considered an instructor on the session and course that offering is connected to. We hope this will simplify permissions significantly, since you will not need to grant special access: just connecting a user to an offering, course, or session will give them permissions.

In order to account for the varied needs of each campus using Ilios, the actions a user can take based on their relationships will be completely customizable. This will allow one school to grant instructors on a course full editing permissions and another school to restrict instructors to a read-only view.
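A minimal sketch of the model described above, added here as an illustration and not taken from the Ilios code base: roles are derived from offering relationships, and a per-school matrix decides what each derived role may do. The class, function, role and action names and the sample IDs are all hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Offering:
    id: int
    session_id: int
    course_id: int
    school_id: int
    instructor_ids: frozenset

# Per-school matrix (constructed sample data): (scope, role) -> allowed actions.
# School 1 lets instructors edit; school 2 restricts them to read-only.
SCHOOL_MATRIX = {
    1: {("course", "instructor"): {"view", "edit"},
        ("session", "instructor"): {"view", "edit"}},
    2: {("course", "instructor"): {"view"},
        ("session", "instructor"): {"view"}},
}

def derived_roles(user_id, offerings):
    """Roles implied by relationships, as (scope, object_id, school_id, role) tuples."""
    roles = set()
    for o in offerings:
        if user_id in o.instructor_ids:
            # Teaching an offering makes the user an instructor on the
            # session and the course that offering is connected to.
            roles.add(("session", o.session_id, o.school_id, "instructor"))
            roles.add(("course", o.course_id, o.school_id, "instructor"))
    return roles

def is_allowed(user_id, action, scope, object_id, offerings, matrix=SCHOOL_MATRIX):
    """Deny by default; allow only when a derived role on this exact object grants the action."""
    for r_scope, r_id, school_id, role in derived_roles(user_id, offerings):
        if (r_scope, r_id) != (scope, object_id):
            continue
        if action in matrix.get(school_id, {}).get((scope, role), set()):
            return True
    return False

# Constructed sample: user 7 teaches one offering in each school.
OFFERINGS = [
    Offering(10, session_id=100, course_id=1000, school_id=1, instructor_ids=frozenset({7})),
    Offering(20, session_id=200, course_id=2000, school_id=2, instructor_ids=frozenset({7})),
]
```

Because nothing is granted directly, removing the user from an offering removes the derived roles, and the access that came with them, on the next check.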

Personas

Alysa

Alysa is a student in Medicine Class of 2020. She has been asked to lead a discussion group for the Ethics 101 course and needs the ability to:

  • Manage a single offering for a single session of Ethics 101: control group assignments, instructor assignments, and time.
  • View only: session details, course details.

Chris

Chris is the lead administrator in the School of Medicine. He needs to be able to change anything across the school.

  • add/mod/delete programs
  • add/mod/delete program years
  • add/mod/delete competency lists
  • add/mod/delete vocabularies
  • add/mod/disable users
  • update users from sync
  • assign students from sync to cohort
  • add/mod/delete learner groups
  • add/mod/delete instructor groups
  • add/mod/delete courses and all associated course details (session, offering, etc)
  • publish all publishable Ilios items (course, session, program, program year)
  • unpublish all unpublishable Ilios items (course, session, program, program year)
  • schedule all schedule-able Ilios items (course, session, program, program year)
  • assign permissions and roles to users

Meghan

Meghan works for Chris. She needs to be able to do most of the things Chris can do, with limits.

  • add/mod/disable users
  • update users from sync
  • assign students from sync to cohort
  • add/mod learner groups
  • add/mod instructor groups
  • add/mod courses and add/mod/delete all associated course details (session, offering, etc)
  • publish all publishable Ilios items (course, session, program, program year)
  • unpublish all unpublishable Ilios items (course, session, program, program year)
  • schedule all schedule-able Ilios items (course, session, program, program year)
  • assign permissions and roles to users

Dan

Dan supports administrators in every school. He needs to have broad powers across schools.

  • add/mod/delete programs
  • add/mod/delete program years
  • add/mod/delete competency lists
  • add/mod/delete vocabularies
  • add/mod/disable users
  • update users from sync
  • assign students from sync to cohort
  • add/mod/delete learner groups
  • add/mod/delete instructor groups
  • add/mod/delete courses and all associated course details (session, offering, etc)
  • publish all publishable Ilios items (course, session, program, program year)
  • unpublish all unpublishable Ilios items (course, session, program, program year)
  • schedule all schedule-able Ilios items (course, session, program, program year)
  • assign permissions and roles to users

Xavier

Xavier builds the links between curriculum inventory and AAMC and must be able to control link tables in Ilios.

  • add/mod/delete programs
  • add/mod/delete program years
  • add/mod/delete competency lists
  • add/mod/delete vocabularies
  • add/mod/disable users
  • update users from sync
  • assign students from sync to cohort
  • add/mod/delete learner groups
  • add/mod/delete instructor groups
  • add/mod/delete courses and all associated course details (session, offering, etc)
  • publish all publishable Ilios items (course, session, program, program year)
  • unpublish all unpublishable Ilios items (course, session, program, program year)
  • schedule all schedule-able Ilios items (course, session, program, program year)
  • assign permissions and roles to users
  • update mapping tables

Miro

Miro manages the Ilios installation and needs to be able to play around and test stuff.

  • add/mod/delete programs
  • add/mod/delete program years
  • add/mod/delete competency lists
  • add/mod/delete vocabularies
  • add/mod/disable users
  • update users from sync
  • assign students from sync to cohort
  • add/mod/delete learner groups
  • add/mod/delete instructor groups
  • add/mod/delete courses and all associated course details (session, offering, etc)
  • publish all publishable Ilios items (course, session, program, program year)
  • unpublish all unpublishable Ilios items (course, session, program, program year)
  • schedule all schedule-able Ilios items (course, session, program, program year)
  • assign permissions and roles to users

Sally

Sally is the Dean and reports CI information to AAMC.

  • add/mod/delete programs
  • add/mod/delete program years
  • add/mod/delete competency lists
  • add/mod/delete vocabularies
  • update users from sync
  • assign students from sync to cohort
  • add/mod/delete instructor groups
  • add/mod courses and all associated course details (session, offering, etc)
  • publish all publishable Ilios items (course, session, program, program year)
  • unpublish all unpublishable Ilios items (course, session, program, program year)
  • schedule all schedule-able Ilios items (course, session, program, program year)

Roles derived from

Roles will be derived from a user's relationships. The places a user is connected to a thing are:

  • ILIOS

    • Root
    • Super User (not necessary to break down these into different levels, root is the only global role)
    • Director
    • Administrator
  • School

    • Director
    • Administrator
  • Program

    • Director
    • Administrator
  • Course

    • Director
    • Administrator
  • Session

    • Administrator
    • Instructors (from offering instructors)

root | school director | school admin | program director | course director | course admin | session admin | session instructor
School: add schools X
School: delete schools X
School: modify schools X
School: create/modify/delete competency X
Program: add/mod/delete programs X
Program: add/mod/delete program years X
Program: link/unlink competency lists X
Program: add/mod/delete vocabularies X
Program: add/mod/disable users X
Program: update users from sync X
Program: assign students from sync to cohort X
Program: add/mod/delete user groups X
Program: add/mod/delete instructor groups X
Program: add/mod/delete courses and all associated course details X
Program: publish all publishable Ilios items (course, session, program, program year) X
Program: unpublish all publishable Ilios items (course, session, program, program year) X
Program: schedule all schedule-able Ilios items (course, session, program, program year) X
Program: assign permissions and roles to users X
Program: update mapping tables X
Course: Create Session X
Course: Edit Title X
Course: Edit Overview Attributes (id, type, etc) X
Course: Add/Remove Directors X
Course: Rollover X
Course: Publish X
Course: UnPublish X
Course: Schedule X
Course: Add/Remove Admins X
Course: Add Objective X
Course: Edit Objective X
Course: Delete Objective X
Course: Add/Remove Objective Parent Objective X
Course: Add/Remove Objective MeSH Term X
Course: Add Term X
Course: Remove Term X
Course: Add Mesh X
Course: Remove Mesh X
Course: Link Learning Material X
Course: Add new Learning Material X
Course: Edit LM Link X
Course: Add Cohort X
Course: Remove Cohort X
Session: Create Offering X
Session: Edit Title X
Session: Edit Overview Attributes (id, type, etc) X
Session: Publish X
Session: UnPublish X
Session: Add Objective X
Session: Edit Objective X
Session: Delete Objective X
Session: Add/Remove Objective Parent Objective X
Session: Add/Remove Objective MeSH Term X
Session: Add Term X
Session: Remove Term X
Session: Add Mesh X
Session: Remove Mesh X
Session: Link Learning Material X
Session: Add new Learning Material X
Session: Edit LM Link X

Matrix of permissions